Re: Misconfigured AD



In news:2B47B68E-970E-4A4E-A1B3-E43DA6C7FCBC@xxxxxxxxxxxxx,
Kelly <Kelly@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I commented on below:
I know I have AD problems but I have not been able to nail them down.
I have a Parent domain with 2 child domains and an exchange server
that resides in the Parent domain. One child is fine. The other has
issues. These issues pop up when I am trying to administer the
exchange permissions. From the parent controller I can pull up the
user in the child domain and I can view the Mailbox Rights but when I
try to add rights I get "The program cannot open the required dialog
box because it cannot determine whether the computer named "domain
controller" is joined to a domain." I hit close and get "Unable to
display the user selection dialog box. The RPC server is
unavailable." I have checked and, according to services, RPC is
running. When I open up the account properties on the mail server I
get "The operation failed. ID no.:80004005. Microsoft Active
Directory - Exchange Extension". When I go into the account
properties on the child domain's DC and try to open Mailbox Rights I
get "There is no such object on the server. Facility LDAP provider.
ID no.: 80072030. Microsoft Active Directory - Exchange Extension."

I have run the addiag.exe tool on the DC of the child domain and here
are the results:

<snipped>

I agree with Herb that it's more than likely a DNS misconfiguration.
Whenever an AD function (client looking to log on, opening an MMC to anything
in AD, printer or drive mapping authentication, logging on, etc.) occurs, it
queries DNS to ask it "Where's a domain controller for my domain?" If DNS is
misconfigured or using an external DNS, it will never get the answer and
authentication fails. RPC server not available is a result of not finding
the server, therefore it cannot connect to the RPC service on that server.

DNS misconfig can cause multiple things, such as:

1. Pointing to the wrong DNS (an ISP's perhaps). Never use an outside DNS or
a DNS server that does not host the AD zone or that does not have some sort
of reference to get to the AD zone, such as a conditional forwarder, stub
zone, secondary, etc. An ISP's DNS does NOT have any information about the
internal private domain.

2. Parent/Child DNS misconfiguration. We'll need to know what DNS servers
are being used for the Parent and Child domains, is there a delegation,
forwarding, stubs, etc, to determine this.

3. AD DNS domain name is a single label name. This is VERY problematic.

4. The DCs may be dual-homed. This is very problematic as well.

Can you elaborate with specifics on how DNS is setup between the parent and
child, and what DNS addresses are being used on the child members and parent
members? Easier if you can provide an ipconfig /all from the following:

Parent domain DC
Parent domain client
Child domain DC
Child domain client

Is there a delegation in place from the parent DNS server to the child DNS?
Stub zones on the parent defining the child zone?
Primary/Secondary between parent and child?

Keep in mind, this is NOT an Exchange error.


--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...
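
The ipconfig /all review requested in the reply above can be scripted. The following is an added example, not part of the original post: it parses ipconfig /all output and flags items 1, 3 and 4 from the list (item 2, the parent/child delegation, cannot be seen from ipconfig). The sample output, host names, addresses and the ad_dns set of known AD DNS servers are constructed assumptions.

```python
import re

# Constructed `ipconfig /all` excerpt for a child-domain DC (sample data, not from the thread).
SAMPLE = """\
   Host Name . . . . . . . . . . . . : childdc1
   Primary Dns Suffix  . . . . . . . : child.corp.example.com

Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 10.1.2.10
   DNS Servers . . . . . . . . . . . : 10.1.2.10
                                       203.0.113.53

Ethernet adapter Local Area Connection 2:
   IP Address. . . . . . . . . . . . : 192.168.50.10
   DNS Servers . . . . . . . . . . . : 203.0.113.53
"""
FIELD = re.compile(r"^\s+([^.:]+?)[\s.]*:\s*(.*)$")  # "   Key . . . : value"

def parse_ipconfig(text):
    """Return {'suffix': str, 'adapters': {name: {'ips': [...], 'dns': [...]}}}."""
    cfg, cur, last = {"suffix": "", "adapters": {}}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            # Unindented "... adapter <name>:" line starts a new adapter section.
            cur = cfg["adapters"].setdefault(line.rstrip()[:-1], {"ips": [], "dns": []})
            last = None
        elif m := FIELD.match(line):
            key, val, last = m.group(1).strip(), m.group(2).strip(), None
            if key == "Primary Dns Suffix":
                cfg["suffix"] = val
            elif cur is not None and key in ("IP Address", "IPv4 Address") and val:
                cur["ips"].append(val.split("(")[0])  # drop "(Preferred)" on newer Windows
            elif cur is not None and key == "DNS Servers":
                last = cur["dns"]
                last.extend([val] if val else [])
        elif last is not None and line.strip():
            last.append(line.strip())  # continuation line: one more DNS server
    return cfg

def findings(cfg, ad_dns):
    """ad_dns: IPs of DNS servers that host or can reach the AD zone (supplied by the admin)."""
    out = [f"{name}: DNS server {ip} does not serve the AD zone (item 1)"
           for name, a in cfg["adapters"].items() for ip in a["dns"] if ip not in ad_dns]
    if cfg["suffix"] and "." not in cfg["suffix"]:
        out.append(f"single-label DNS domain name {cfg['suffix']!r} (item 3)")
    homed = [name for name, a in cfg["adapters"].items() if a["ips"]]
    if len(homed) > 1:
        out.append(f"multihomed: {len(homed)} adapters carry IP addresses (item 4)")
    return out
```

Run findings(parse_ipconfig(text), ad_dns) against the output collected from each of the four machines; an empty list means none of the three conditions was detected on that host.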





